Hello,
I have model: CCR1036-12G-4S.
Installed version: 6.0rc9
I replaced the default 4Gb RAM with 16Gb (two 8Gb modules) and in Winbox I can see that I have 15.9 GiB, but in console I see only:
[ard@z3k-router] > /system resource print
uptime: 2d20h6m48s
version: 6.0rc9
build-time: Feb/08/2013 08:15:34
free-memory: 3534.3MiB
total-memory: 3957.0MiB
cpu: tilegx
cpu-count: 36
cpu-frequency: 1000MHz
cpu-load: 0%
free-hdd-space: 903.5MiB
total-hdd-space: 1024.0MiB
architecture-name: tile
board-name: CCR1036-12G-4S
platform: MikroTik
Why do I see different information in Winbox and in the terminal (through SSH)? And how do I correct this?
Next, in the connection tracking system I see only 512K max-entries (the same for 4Gb RAM and for 16Gb):
[ard@z3k-router] > ip firewall connection tracking print
enabled: auto
tcp-syn-sent-timeout: 5s
tcp-syn-received-timeout: 5s
tcp-established-timeout: 1d
tcp-fin-wait-timeout: 10s
tcp-close-wait-timeout: 10s
tcp-last-ack-timeout: 10s
tcp-time-wait-timeout: 10s
tcp-close-timeout: 10s
udp-timeout: 10s
udp-stream-timeout: 3m
icmp-timeout: 10s
generic-timeout: 10m
max-entries: 524288
total-entries: 0
[ard@z3k-router] >
In some situations this amount is not enough, especially during DoS attacks with spoofed IP addresses going through the router. Looking at previous experience, it would be nice to increase this value at least 5 times. This value is read-only, so I simply can’t change it.
I will definitely try the latest OS version, but I don’t see anything related to my issues in the changelog.
–
Any help is appreciated.
Regards Dennis M.
Today I looked at an RB1200 and found that it has the same connection-tracking limit of “max-entries: 524288”
[ard@****k] > ip firewall connection tracking print
enabled: yes
tcp-syn-sent-timeout: 5s
tcp-syn-received-timeout: 5s
tcp-established-timeout: 1d
tcp-fin-wait-timeout: 10s
tcp-close-wait-timeout: 10s
tcp-last-ack-timeout: 10s
tcp-time-wait-timeout: 10s
tcp-close-timeout: 10s
udp-timeout: 10s
udp-stream-timeout: 3m
icmp-timeout: 10s
generic-timeout: 10m
tcp-syncookie: no
max-entries: 524288
total-entries: 3812
[ard@****k] > system resource print
uptime: 8w2d3h56m55s
version: 5.5
free-memory: 478496KiB
total-memory: 516560KiB
cpu: 460GT
cpu-count: 1
cpu-frequency: 999MHz
cpu-load: 41%
free-hdd-space: 30580KiB
total-hdd-space: 61440KiB
write-sect-since-reboot: 60975
write-sect-total: 60975
bad-blocks: 0%
architecture-name: powerpc
board-name: RB1200
platform: MikroTik
[ard@****k] >
This seems to be some common limit for devices with 512Mb and above memory installed. Also, updating to the latest beta didn’t solve the issue. Is there any way to increase this limit?
–
Any help is appreciated.
Regards Dennis M.
Is there any way to increase this limit?
Probably not; it looks like a hard-coded value (512k).
See my post http://forum.mikrotik.com/t/connection-tracking-max-entries-property/59005/1
Regards,
normis
March 14, 2013, 2:30pm
arddennis:
Hello,
I have model: CCR1036-12G-4S.
Installed version: 6.0rc9
I replaced the default 4Gb RAM with 16Gb (two 8Gb modules) and in Winbox I can see that I have 15.9 GiB, but in console I see only
There was a bug in Winbox; it is fixed in the latest v6.0rc12 build.
You mean the bug was in the CLI? %)
normis
March 15, 2013, 6:45am
Yes, of course, 16GB is the correct one.
And what about conntrack max-entries?
normis
March 15, 2013, 10:00am
This number doesn’t automatically increase just by adding RAM; it increases based on remaining RAM when you use most of the entries given in the number. So if your default max is 500000 with 4GB, it will also be 500000 with 16GB until you use 500000, then it will increase based on free RAM.
Thanks Normis, it’s good to know that a hard-coded limit doesn’t exist.
Regards,
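As an added example (not part of the thread and not MikroTik code): a small Python parser for the `connection tracking print` output quoted above that reports how close total-entries is to max-entries, the condition under which, per normis, the limit grows based on free RAM. The function names and the 80%/95% thresholds are assumptions, and the sample values are constructed.

```python
import re

# Constructed sample, modelled on the RouterOS output quoted in this thread.
SAMPLE = """\
[admin@router] > ip firewall connection tracking print
enabled: yes
tcp-established-timeout: 1d
udp-timeout: 10s
max-entries: 524288
total-entries: 450000
"""

def parse_print(text):
    """Turn 'key: value' lines into a dict; prompts and blank lines are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([a-z][a-z0-9-]*):\s*(\S.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def conntrack_pressure(text, warn=0.80, crit=0.95):
    """Report table utilisation; warn/crit ratios are assumed thresholds."""
    fields = parse_print(text)
    try:
        total = int(fields["total-entries"])
        maximum = int(fields["max-entries"])
    except (KeyError, ValueError) as exc:
        raise ValueError(f"missing or non-numeric counter: {exc}") from exc
    if maximum <= 0:
        raise ValueError("max-entries must be positive")
    ratio = total / maximum
    if ratio >= crit:
        level = "critical"
    elif ratio >= warn:
        level = "warning"
    else:
        level = "ok"
    return {
        "total": total,
        "max": maximum,
        "headroom": maximum - total,  # entries left before the current limit
        "ratio": round(ratio, 3),
        "level": level,
    }

if __name__ == "__main__":
    print(conntrack_pressure(SAMPLE))
```

Run it against periodic captures of the print output to see whether a traffic spike is filling the table faster than entries time out.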